General
-
Target
f830b3de23b0ffb7324d2941f5850fed4e88488e470681c9ab75baa4488bc290
-
Size
638KB
-
Sample
221203-1q3vmsgg93
-
MD5
6ad82082536a99fa9b1d805b2ea5d8ed
-
SHA1
506e0bb72b429bea301b0bd7375e6a6f92f181dd
-
SHA256
f830b3de23b0ffb7324d2941f5850fed4e88488e470681c9ab75baa4488bc290
-
SHA512
84bbcfdf4fe3048b54f024a13de2fc10bc42d2e23d71b867b8bcccebc3b22961ac5c31b5ae4d45649e423ebf4da288d8390f595569d6c25b81bea57fc0fdb0d4
-
SSDEEP
12288:W3x3Sf4TasV6Lse0XPWYtpIe5YoaMYx5xv9m77szx888888888888W888888888N:w84Taa6L2VprYugxv9QZElpl
Static task
static1
Behavioral task
behavioral1
Sample
f830b3de23b0ffb7324d2941f5850fed4e88488e470681c9ab75baa4488bc290.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f830b3de23b0ffb7324d2941f5850fed4e88488e470681c9ab75baa4488bc290.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
f830b3de23b0ffb7324d2941f5850fed4e88488e470681c9ab75baa4488bc290
-
Size
638KB
-
MD5
6ad82082536a99fa9b1d805b2ea5d8ed
-
SHA1
506e0bb72b429bea301b0bd7375e6a6f92f181dd
-
SHA256
f830b3de23b0ffb7324d2941f5850fed4e88488e470681c9ab75baa4488bc290
-
SHA512
84bbcfdf4fe3048b54f024a13de2fc10bc42d2e23d71b867b8bcccebc3b22961ac5c31b5ae4d45649e423ebf4da288d8390f595569d6c25b81bea57fc0fdb0d4
-
SSDEEP
12288:W3x3Sf4TasV6Lse0XPWYtpIe5YoaMYx5xv9m77szx888888888888W888888888N:w84Taa6L2VprYugxv9QZElpl
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-